On 17/03/15 15:52, abhi dhiman wrote:
Hi All,
Actually I am working with the OpenSSH version 6.2p which is vulnerable to
above mentioned vulnerabilities.
So am looking for some help how I can fix these vulnerabilities in my
version. I need to fix it in the OpenSSH code.
Regards
Abhishek
Unless you specifically enabled the experimental JPAKE support in
openssh (eg. by adding
-DJPAKE in Makefile.inc) you are not affected by CVE-2014-1692.
In order to avoid CVE-2014-2532, you can apply this change:
https://anongit.mindrot.org/openssh.git/commit/?id=8569eba5d7f7348ce3955eeeb399f66f25c52ece
Regards
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev